momo Security Vulnerability Database

Multi-module data retrieval platform

CVE-2023-32590: Subscribe to Category <= 2.7.4 - SQL Injection

CVE: CVE-2023-32590
CNVD: Not available
CNNVD: Not available
Vulnerability type: SQL injection
Severity: Critical
Year: 2026
POC_ID: Not available
Vulnerability description
The Subscribe to Category plugin contains a SQL injection caused by improper neutralization of special elements used in an SQL command, letting attackers execute arbitrary SQL commands; exploitation requires user interaction.

[Public]

id: CVE-2023-32590

info:
  name: Subscribe to Category <= 2.7.4 - SQL Injection
  author: Shivam Kamboj
  severity: critical
  description: |
    The Subscribe to Category contains a sql_injection caused by improper neutralization of special elements used in an SQL command, letting attackers execute arbitrary SQL commands, exploit requires user interaction.
  impact: |
    Attackers can execute arbitrary SQL commands, potentially leading to data leakage, modification, or deletion.
  remediation: |
    Update to the latest version beyond 2.7.4 or apply security patches that neutralize special elements in SQL queries.
  reference:
    - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/subscribe-to-category/subscribe-to-category-274-unauthenticated-sql-injection
    - https://nvd.nist.gov/vuln/detail/CVE-2023-32590
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
    cvss-score: 9.3
    cve-id: CVE-2023-32590
    epss-score: 0.19324
    epss-percentile: 0.95236
    cwe-id:
Affected scope
Unknown
Remediation advice
Not available